
Deny pending Approval Requests to perform operations on object

February 18, 2021

The script can be used in business rules, custom commands and scheduled tasks to deny pending approval requests to perform operations on the Active Directory object on which it is executed. It can be used, for example, as a part of the user deprovisioning process to clean up requests for operations on the user who is being deprovisioned.

Note: Pending approval requests are requests that have been neither approved, nor denied, nor canceled.
To run the script as a part of a business rule, scheduled task, or custom command, you need to use the "Run a program or PowerShell script" action.

Parameter:

  • $denyReason - Specifies a reason to describe why the requests were denied.
PowerShell
$denyReason = "The user was deleted" # TODO: modify me

# Bind to the Approval Requests container
$requestsPath = $Context.GetWellKnownContainerPath("ApprovalRequests")
$container = $Context.BindToObject($requestsPath)

# Get all pending approval requests
$requests = $container.GetApprovalRequests("ADM_APPROVALSTATE_PENDING")

foreach ($requestID in $requests)
{
    # Bind to the approval request
    $guid = New-Object "System.Guid" (,$requestID)
    $guid = $guid.ToString("B")
    $requestPath = "Adaxes://<GUID=$guid>"
    $request = $Context.BindToObject($requestPath)

    # Get the target object GUID
    $targetObjectGuid = New-Object "System.Guid" (,$request.Get("adm-TargetObjectGuid"))
    $targetObjectGuid = $targetObjectGuid.ToString()

    # Skip if the Approval Request does not request an operation on the target object
    if($targetObjectGuid -ine "%objectGUID%")
    {
        continue
    }

    # Deny the request
    $request.Deny($denyReason)
}
